[Buildroot] [PATCH 1/1] package/gupnp: security bump to version 1.2.6

Peter Korsgaard peter at korsgaard.com
Thu Jun 10 20:09:19 UTC 2021

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-33516: An issue was discovered in GUPnP before 1.0.7 and
 > 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web
 > server can exploit this vulnerability to trick a victim's browser into
 > triggering actions against local UPnP services implemented using this
 > library. Depending on the affected service, this could be used for data
 > exfiltration, data tampering, etc.

 > Replace patch by upstream commit as current patch doesn't apply cleanly

 > https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
 > https://gitlab.gnome.org/GNOME/gupnp/-/blob/gupnp-1.2.6/NEWS

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2021.02.x, thanks.

Bye, Peter Korsgaard
